Referrer handling.

Discussion in 'other software & services' started by JayK, Oct 19, 2003.

Thread Status:
Not open for further replies.
  1. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Since there are quite a lot of posts about browsers, let's look at Beonix.

    What is this browser you ask? It sure looks like Mozilla.
    http://www.beonex.com/'

    It's based off the distribution of Mozilla 1.0. but with some additonal security and privacy tweaks. This means it includes not only the browser but also email, and composer.

    There.s a post about cookie handling, now here's one about referrer handling. Can any browser beat the flexibility in Beonix for referrer handling?

    In Beonix there is a seperate UI for refferers. The first 3 options are available in current builds of Mozilla and Firebird but you need to alter them manually.

    What's new are the next 3.

    But what are "third party servers" ?

    Normally when you visited www.secondsite.com by clicking a link on firstsite.com , www. firstsite.com will appear in the logs of secondsite.com as a referrer.

    Disenable third party servers will cause a null/blank referrer to be sent in such cases, while allowing referrers to be sent normally within the same host.

    This can be very useful if you dont like webmasters learning about how you found your site, espically search engines which show the search terms in the url.

    It does *allow* referrers when moving from www.wildersecurity.com/index.html to www.wildersecurity.com/whatever.html. The idea is it belongs to the same guy anyway, so it doesnt matter really.

    Some sites are pretty evil, and they block you if they detect this. Faking referrers would involve sending urls based on the top host name. Eg if you visit www.examplesite.com/test/test.htm, it will receive www.examplesite.com as the referrer.

    This can help avoid most but not all of the problems of such hostile sites.


    Some other nice tweaks with the mail client in Beonix.

    Mailnews

    * All possibly problematic HTML is removed, vastly improving readability, security and privacy
    o This prevents almost all of the common security and privacy threats while reading email, incl. the recent flood of worms.
    o Manually opening attachments, however, is outside the scope of Beonex Communicator and still dangerous.
    * JavaScript completely disabled
     

    Attached Files:

  2. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I've being looking around comparing it to Firebird 0.7 and Mozilla 1.5, doesn't seem to be worth it, since it's based on the rather old Mozilla 1.0. This means a lot of feature being lost.

    E.g Type find ahead , many extensions/themese may not work, etc.

    I can't seem to find anything new is Beonex besides the referrer settings and this.


    http://www.beonex.com/communicator/doc/feature/mailnews/bodyoptions/

    In the mail client, * All possibly problematic HTML is removed, vastly improving readability, security and privacy

    This sure sounds like the pretty popular Benign by firetrust

    All in all it looks nice, but I wish it was based off something more recent like 1.5 or 1.4
     
  3. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi JayK

    I like Beonex, feel very comfortable using it. In fact, I prefer Beonex (and Phoenix 0.5) to more recent FireBird versions.

    Agree with you about the referrer management... Nice to get to such a precision level.

    My Beonex discovery I owe to Bellgamin in http://www.wilderssecurity.com/showthread.php?t=14249

    ATGuard also had an interesting way of handling ref's (and cookies), among which the ability to track the destination those refs were being sent to, but that's another story.

    Beonex seems to have its own army of active followers, so maybe some new features will be added soon so as to make it even better.

    One thing I love is that when using JVScripts in Beonex with refs disabled, secondsite is unable to track firstsite identity - all this is logical. But as logical as it is, recent versions of FireBird would display such information, even with ref's blocked !

    One thing I don't like is that you have to first copy/paste the history before backing it up on drive for record. Opera is more flexible in this regard.

    I have a question for you...

    Since Beonex is (I think !?) open-source, if I want to continue to use Beonex AND keep up to date with improvements, say in SSL3 developments, do you know how to get the required files in, e.g., FireBird 0.7 and copy/paste them into Beonex so as to get the best of both worlds ? Which files more precisely ?

    Do you think it might be done even if I'm no programmer (to say the least :) )?

    Rgds, Crockett :cool:
     
Thread Status:
Not open for further replies.